Bayshore Beacon is a purpose-built secure remote access solution for the most critical OT networks and endpoints. Unlike a traditional VPN, Beacon restricts sessions on both a per-user and per-endpoint basis, and provides policy enforcement via standard Bayshore OT policies.
Beacon is ideal for complex OT environments with multiple third parties all wanting remote access to their own systems and via their own mechanisms. Beacon customers retain full control and management of all remote access users and can choose when and how to enable access.
Beacon will be offered via a flexible subscription model. Register below to be notified when the online purchasing engine goes live, and to receive more details about Beacon in the meantime!
Q: How is Beacon different from a VPN?
A: Beacon controls access by protocol, port, and user. Before any access is permitted, Beacon requires a service on an endpoint to have been exposed (defining both the target port and protocol/service) and a user has to have been given explicit permission to access that endpoint/service combination.
Q: What is the Beacon transport architecture?
A: The Beacon Endpoint Gateway initiates a standard SSL tunnel from within your network to your provisioned cloud instance of the Beacon management interface. That tunnel is persistent by default, and only ever initiated from within your network to the external destination. Authorized remote users initiate a connection request from their locations via the Beacon client, which connects to your dedicated cloud instance, authenticates the user, and then maps their attempt connection to the known list of authorized endpoint/service destinations. If those checks all succeed, the cloud instance of the Beacon software proxies the remote user’s session into the Beacon Endpoint Gateway which, in turn, proxies it again to the actual target endpoint.
Q: Does Beacon support AD integration via LDAP?
A: Yes. Beacon can be configured to validate user and group credentials via your company’s AD server. To use this feature, the AD server is exposed to your Beacon cloud instance using a standard Beacon tunnel, and the LDAP queries are submitted during each user authentication action.
Q: Does Beacon support 2FA?
A: Yes. Beacon requests a mobile number for each user and uses SMS to submit an authorization code to that number each time the user authenticates themselves to the system.
Q: Is Beacon available in an appliance format I can deploy onsite?
A: Not yet. Our intention is to start with the cloud hosted version of Beacon and to make a purely on-premise version available in 2019.
Q: Can I use Beacon to enable persistent site-to-site OT protocol tunnels?
A: Yes. Contact us to discuss this use case in more detail.
Q: Can I get a trial or demo of Beacon?
A: You can subscribe for one month at the minimum subscription level, with no further obligation.
Q: When will Beacon be available?
A: We will begin taking orders for Beacon subscriptions on September 28. If you would like to be contacted when the ordering site goes lives, please complete the form below to register your interest.